Buffer overflow in Adobe Reader 8/9

robinb

http://www.adobe.com/support/security/advisories/apsa09-01.html

Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and
Acrobat

Release date: February 19, 2009

Vulnerability identifier: APSA09-01

CVE number: CVE-2009-0658

Platform: All platforms

Summary

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9
and earlier versions. This vulnerability would cause the application to
crash and could potentially allow an attacker to take control of the
affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve
the relevant security issue. Adobe expects to make available an update for
Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8
and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7
updates to follow. In the meantime, Adobe is in contact with anti-virus
vendors, including McAfee and Symantec, on this issue in order to ensure the
security of our mutual customers. A security bulletin will be published on
http://www.adobe.com/support/security as soon as product updates are
available.

--
Do You Feel Like a Hostage To Your Computer?
Then You Need
R&D Internet Associates
24 Coriander Drive
Princeton NJ 08540
732-355-0156
http://rdinternetassociates.com
 
Randy Knobloch

robinb said:
<snip>
This is basically a short-term fix, which basically tells users of affected software to
disable JavaScript in Preferences.
OK, done, until Adobe release a "real" patch.
Beware of third-party fixes as outlined here >
<http://www.theregister.co.uk/2009/02/24/unofficial_adobe_patch/>

More info here which goes to the URL Robin posted >
<http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090221>
 
Alan D

Hi Tom. I use Foxit too - but presumably it too is vulnerable to this
exploit?
Alan D
 
robinb

I did the fix until the patch comes out. Adobe asks you to do it.
The fix is:
Open Adobe Reader

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat
JavaScript, then click OK.
They say the reader will still crash if it is hit by the exploit but it will
not spread the exploit.
robin
 
Bill Sanderson

I recommend this action if you are worried about this issue. It is easily
reversible and effective--and the chances are you've never seen a PDF that
needed javascript.

So far, this is a limited scale targeted attack--so I'm sitting tight as far
as machines that I administer.

robinb said:
I did the fix until the patch comes out. Adobe asks you to do it.
The fix is:
Open Adobe Reader

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat
JavaScript, then click OK.
They say the reader will still crash if it is hit by the exploit but it
will not spread the exploit.
robin


--
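
For anyone who wants to check which of their PDFs would be affected by turning Acrobat JavaScript off, here is an added example (not part of any post in this thread, and not Adobe's code) that looks for the `/JS` and `/JavaScript` name tokens in a file, including `#xx`-escaped spellings and Flate-compressed streams. The function names and the sample byte strings are constructed for illustration.

```python
import re
import zlib

# Name tokens that introduce script in a PDF action dictionary.
SCRIPT_NAMES = {b"/JS", b"/JavaScript"}

# A PDF name runs from "/" to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\s()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _script_names(chunk):
    """Return the script-related names in chunk, with #xx escapes decoded."""
    found = set()
    for raw in _NAME.findall(chunk):
        name = _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
        if name in SCRIPT_NAMES:
            found.add(name.decode("ascii"))
    return found


def find_script_names(pdf_bytes):
    """Look for /JS and /JavaScript in the raw file and inside Flate streams."""
    found = _script_names(pdf_bytes)
    for match in _STREAM.finditer(pdf_bytes):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream".
            inflated = zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not a Flate stream (image data, other filters)
        found |= _script_names(inflated)
    return sorted(found)


# Constructed sample inputs (fragments, not complete PDF files).
ACTION = b"<< /S /JavaScript /JS (0;) >>"
SAMPLES = {
    "plain.pdf": b"%PDF-1.4\n1 0 obj\n" + ACTION + b"\nendobj\n",
    "escaped.pdf": b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS (0;) >>\nendobj\n",
    "objstm.pdf": b"%PDF-1.5\n2 0 obj\n<< /Type /ObjStm >>\nstream\n"
                  + zlib.compress(ACTION) + b"\nendstream\nendobj\n",
    "clean.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, find_script_names(data) or "no script names found")
```

An empty result only means the file does not rely on JavaScript; it says nothing about whether the file is safe to open. Encrypted PDFs and streams using filters other than Flate are not inspected by this sketch.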
 
Bill Sanderson

Breaking
It now appears that javascript is unnecessary to exploit the vulnerability,
according to Secunia.

Best to watch for the patch from Adobe. And, get the older versions updated
to 9.x. They are all vulnerable, but 9.x will be patched first.

Bill Sanderson said:
I recommend this action if you are worried about this issue. It is easily
reversible and effective--and the chances are you've never seen a PDF that
needed javascript.

So far, this is a limited scale targeted attack--so I'm sitting tight as
far as machines that I administer.


--
 
robinb

Problem is my husband can only use Adobe 8 for some of his tax PDFs. For
some reason Adobe 9 will not allow you to fill in some of the forms online.
Only Adobe 8 will allow this - got me why they made this change. I did the
fix but we will wait for the patch and pray :p
robin
 
Bill Sanderson

Ouch. 9 usually, but not always, replaces 8--not sure they can really
coexist--when I've seen both in add or remove programs, I've just removed 8
asap.

Here's hoping Adobe will do the right thing and patch 8 as well.

robinb said:
Problem is my husband can only use Adobe 8 for some of his tax PDFs. For
some reason Adobe 9 will not allow you to fill in some of the forms
online. Only Adobe 8 will allow this - got me why they made this change. I
did the fix but we will wait for the patch and pray :p
robin

Bill Sanderson said:
Breaking
It now appears that javascript is unnecessary to exploit the
vulnerability, according to Secunia.

Best to watch for the patch from Adobe. And, get the older versions
updated to 9.x. They are all vulnerable, but 9.x will be patched first.


--
 